From f9fd24aecde4ebec8a4b85aa4e25fafc334a60e5 Mon Sep 17 00:00:00 2001
From: David Goodwin <david@codepoets.co.uk>
Date: Sun, 19 May 2019 20:04:32 +0100
Subject: [PATCH] use PHP date for comparison - see #254 and
 https://sourceforge.net/p/postfixadmin/discussion/676076/thread/70ed9843c0/?limit=25#685c
 and #240

---
 model/PFAHandler.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/model/PFAHandler.php b/model/PFAHandler.php
index cae29c76..84e719ca 100644
--- a/model/PFAHandler.php
+++ b/model/PFAHandler.php
@@ -857,7 +857,11 @@ abstract class PFAHandler {
 
         $table = table_by_key($this->db_table);
         $active = db_get_boolean(true);
-        $query = "SELECT token FROM $table WHERE " . $this->id_field . "='$username' AND token <> '' AND active='$active' AND NOW() < token_validity";
+
+        // Use PHP date for token check; this avoids a timezone issue between MySQL and PHP producing different dates.
+        $now = escape_string(date('Y-m-d H:i:s'));
+
+        $query = "SELECT token FROM $table WHERE " . $this->id_field . "='$username' AND token <> '' AND active='$active' AND '$now' < token_validity";
 
         $result = db_query($query);
         if ($result['rows'] == 1) {